Windows 2000 Security Target ST Version 2.0 18 October 2002 Prepared For: Microsoft Corporation Corporate Headquarters One Microsoft Way Redmond, WA 98052-6399 Prepared By: Science Applications International Corporation 7125 Gateway Drive Columbia, MD 21046 Windows 2000 Security Target Rev 2.0 10/18/02 ST Master, 10/18/02, Rev 1.9 1. SECURITY TARGET INTRODUCTION......................................................................................... 1 1.1 SECURITY TARGET, TOE, AND CC IDENTIFICATION....................................................................... 1 1.2 CC CONFORMANCE CLAIMS ........................................................................................................... 1 1.3 STRENGTH OF ENVIRONMENT ......................................................................................................... 2 1.4 CONVENTIONS, TERMINOLOGY, ACRONYMS................................................................................... 2 1.4.1 Conventions ............................................................................................................................ 2 1.4.2 Terminology............................................................................................................................ 2 1.4.3 Acronyms ................................................................................................................................ 3 1.5 SECURITY TARGET OVERVIEW AND ORGANIZATION....................................................................... 3 2. TOE DESCRIPTION........................................................................................................................... 4 2.1 PRODUCT TYPE ............................................................................................................................... 4 2.2 PRODUCT DESCRIPTION................................................................................................................... 5 2.3 PRODUCT FEATURES ....................................................................................................................... 5 2.3.1 Windows 2000 Administration and Management Features.................................................... 5 2.3.2 Windows 2000 Network Security Features............................................................................. 7 2.3.3 Windows 2000 Scalability Features ....................................................................................... 7 2.4 SECURITY ENVIRONMENT AND TOE BOUNDARY............................................................................ 8 2.4.1 Logical Boundaries................................................................................................................. 8 2.4.2 Physical Boundaries.............................................................................................................10 2.5 TOE SECURITY SERVICES ............................................................................................................. 10 3. SECURITY ENVIRONMENT.......................................................................................................... 12 3.1 THREATS TO SECURITY ................................................................................................................. 12 3.2 ORGANIZATIONAL SECURITY POLICIES ......................................................................................... 12 3.3 SECURE USAGE ASSUMPTIONS ...................................................................................................... 13 3.3.1 Connectivity Assumptions..................................................................................................... 13 3.3.2 Personnel Assumptions......................................................................................................... 13 3.3.3 Physical Assumptions ........................................................................................................... 14 4. SECURITY OBJECTIVES ............................................................................................................... 15 4.1 IT SECURITY OBJECTIVES ............................................................................................................. 15 4.2 NON-IT SECURITY OBJECTIVES .................................................................................................... 16 5. IT SECURITY REQUIREMENTS................................................................................................... 17 5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS.............................................................................. 17 5.1.1 Audit (FAU) Requirements ................................................................................................... 20 5.1.2 Cryptographic Support (FCS) .............................................................................................. 24 5.1.3 User Data Protection (FDP) Requirements ......................................................................... 24 5.1.4 Identification and Authentication (FIA)................................................................................ 26 5.1.5 Management Requirements (FMT)....................................................................................... 28 5.1.6 Protection of the TOE Security Functions (FPT) ................................................................. 32 5.1.7 Resource Utilization (FRU).................................................................................................. 33 5.1.8 TOE Access (FTA)................................................................................................................33 5.1.9 Trusted Path/Channels ......................................................................................................... 34 5.2 TOE SECURITY ASSURANCE REQUIREMENTS ............................................................................... 34 5.2.1 Configuration Management (ACM)...................................................................................... 35 5.2.2 Delivery and Operation (ADO) ............................................................................................ 37 5.2.3 Development (ADV).............................................................................................................. 38 5.2.4 Guidance Documents (AGD)................................................................................................ 43 5.2.5 Life Cycle Support (ALC) ..................................................................................................... 44 5.2.6 Security Testing (ATE)..........................................................................................................47 5.2.7 Vulnerability Assessment (AVA) ........................................................................................... 49 ©Microsoft Corporation, 2002 i Windows 2000 Security Target Rev 2.0 10/18/02 5.3 SECURITY REQUIREMENTS FOR THE IT ENVIRONMENT................................................................. 51 6. TOE SUMMARY SPECIFICATION............................................................................................... 52 6.1 TOE SECURITY FUNCTIONS .......................................................................................................... 52 6.1.1 Audit Function ...................................................................................................................... 52 6.1.2 User Data Protection Function ............................................................................................ 56 6.1.3 Identification and Authentication Function.......................................................................... 62 6.1.4 Security Management Function............................................................................................ 67 6.1.5 TSF Protection Function ...................................................................................................... 69 6.1.6 Resource Utilization Function.............................................................................................. 74 6.1.7 Session Locking Function..................................................................................................... 74 6.2 TOE SECURITY ASSURANCE MEASURES....................................................................................... 75 6.2.1 Process Assurance................................................................................................................ 75 6.2.2 Delivery and Guidance......................................................................................................... 76 6.2.3 Design Documentation ......................................................................................................... 76 6.2.4 Tests...................................................................................................................................... 78 6.2.5 Vulnerability Assessment...................................................................................................... 78 7. PROTECTION PROFILE CLAIMS................................................................................................ 80 7.1 PROTECTION PROFILE REFERENCE ................................................................................................ 80 7.2 PP REQUIREMENTS IN ST.............................................................................................................. 80 7.3 PROTECTION PROFILE DIFFERENCES AND ENHANCEMENTS .......................................................... 80 7.3.1 Protection Profile Differences.............................................................................................